Installs/Configures GitLab using omnibus-gitlab
cookbook 'omnibus-gitlab', '= 0.3.2', :supermarket
knife supermarket install omnibus-gitlab
knife supermarket download omnibus-gitlab
cookbook-omnibus-gitlab-cookbook
Install GitLab Community Edition or Enterprise Edition omnibus packages from
packages.gitlab.com.
Supported Platforms
See packages.gitlab.com/gitlab/gitlab-ce.
Attributes
- node['omnibus-gitlab']['package']['repo'] defaults to gitlab/gitlab-ce. Use gitlab/gitlab-ee for GitLab Enterprise Edition
- node['omnibus-gitlab']['package']['name'] defaults to gitlab-ce. Use gitlab-ee for GitLab Enterprise Edition
For more available attributes see attributes/default.rb.
Examples
Install GitLab Community Edition 7.11.1~omnibus-1.
{
  "omnibus-gitlab": {
    "package": {
      "version": "7.11.1~omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}
Install GitLab Enterprise Edition 7.11.1~ee.omnibus-1.
{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "7.11.1~ee.omnibus-1"
    },
    "gitlab_rb": {
      "external_url": "http://gitlab.example.com"
    }
  }
}
Usage
omnibus-gitlab::default
Installs a GitLab omnibus package, renders /etc/gitlab/gitlab.rb, manages SSL
certificates.
omnibus-gitlab::backup_cron_job
Create/remove a cron job for GitLab backups. Defaults to daily backups at 0:45.
Use 'gitlab.rb' to configure parameters like rotation and cloud uploads.
Examples
Disable backups of repositories and uploaded files:
{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "skip": [
        "repositories",
        "uploads"
      ]
    }
  }
}
Run the backup script with progress messages:
{
  "omnibus-gitlab": {
    "backup_cron_job": {
      "silent": false
    }
  }
}
Secrets
Starting with version 0.3.0, this cookbook supports reading secrets from Chef Vault or Encrypted Data Bags.
Chef Vault
To get the cookbook to read a Chef Vault item, you need to specify the chef_vault
attribute with the name of the Vault.
E.g. in a role "gitlab-example-com" we can read secrets from a Vault named gitlab-example-com:
{
  "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "chef_vault": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com",
        "gitlab-rails": {
          "secret_token": "Read from Vault."
        }
      }
    }
  }
}
The Chef Vault item will look similar to:
{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}
Encrypted Data Bag
To get the cookbook to read an Encrypted Data Bag item, you need to specify the data_bag
attribute with the name of the data bag. As a prerequisite, the node needs to have the
encrypted_data_bag_secret in the /etc/chef/ directory in order to be able to decrypt the secrets.
E.g. in a role "gitlab-example-com" we can read secrets from an Encrypted Data Bag named gitlab-example-com:
{
  "name": "gitlab-example-com",
  "default_attributes": {
    "omnibus-gitlab": {
      "data_bag": "gitlab-example-com",
      "package": {
        "repo": "gitlab/gitlab-ce",
        "version": "7.14.1-ce.0"
      },
      "gitlab_rb": {
        "external_url": "http://gitlab.example.com",
        "gitlab-rails": {
          "secret_token": "Read from Data Bag."
        }
      }
    }
  }
}
The encrypted data bag item will look similar to:
{
  "id": "_default",
  "omnibus-gitlab": {
    "gitlab_rb": {
      "gitlab-rails": {
        "secret_token": "12334qwerty"
      }
    }
  }
}
Contributing
- Fork the repository on GitLab.com
- Create a named feature branch (i.e. add-new-recipe)
- Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
License and Authors
Author:: Marin Jankovski (marin@gitlab.com)
Author:: Jacob Vosmaer (jacob@gitlab.com)
Dependent cookbooks
gitlab-attributes-with-secrets >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
0.2.0
- Render omnibus-gitconfig in gitlab.rb
- Update Vagrantfile for easier development
- Switch from package file downloads to packages.gitlab.com
We no longer support entering a URL+SHA256 in the attributes to select the
package that gets installed. Instead, we add packages.gitlab.com as an apt/yum
repo and install the package with apt or yum. You can control which version
gets installed with the node['omnibus-gitlab']['package']['version'] attribute.
GitLab CE:
{
  "omnibus-gitlab": {
    "package": {
      "version": "INSERT VERSION"
    }
  }
}
GitLab EE:
{
  "omnibus-gitlab": {
    "package": {
      "repo": "gitlab/gitlab-ee",
      "name": "gitlab-ee",
      "version": "INSERT VERSION"
    }
  }
}
0.1.3
Create the SSL key and certificate for GitLab CI
Also render ci_external_url and git_data_dir in gitlab.rb
0.1.2
- Prevent storing secrets in the Chef node object
Cookbook-omnibus-gitlab allows you to keep secret omnibus-gitlab settings
(passwords, keys) in an encrypted data bag. These secrets then get decrypted
during the Chef client run on your GitLab server. Due to a programming error,
the cookbook-omnibus-gitlab would then send the plaintext secrets back to the
Chef server to be stored in the node's database record. This defeats one of the
purposes of using encrypted data bags, namely to keep plaintext secrets off of
the Chef server.
In version 0.1.2 we make sure that the secrets stored in the encrypted data bag
do not get sent back to the server.
If you have been using cookbook-omnibus-gitlab with an encrypted data bag you
should upgrade to cookbook-omnibus-gitlab 0.1.2 or newer and inspect your
GitLab nodes to look for secrets:
knife node show gitlab.example.com --format json
If some of your cookbook-omnibus-gitlab secrets got uploaded to the Chef server
you can delete them from the node object using knife node edit gitlab.example.com
after you upgrade cookbook-omnibus-gitlab to 0.1.2 or newer.
As an additional measure you may want to consider changing the affected
passwords and keys.
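One way to automate the node inspection described above, as an added example that is not part of the cookbook: it walks the JSON printed by knife node show and reports attribute paths under omnibus-gitlab that hold a non-placeholder string under a secret-looking key. The key-name pattern, the function names and the sample node document are assumptions constructed for illustration.

```ruby
require 'json'

# Key names that usually hold credentials (assumed heuristic, adjust as needed).
SECRET_KEY = /(password|secret|token|private_key|_key\z)/i
# Placeholder strings the roles on this page store instead of real values.
PLACEHOLDERS = ['Read from Vault.', 'Read from Data Bag.'].freeze

# Recursively walk parsed JSON and return the path of every string stored
# under a secret-looking key that is not a known placeholder.
# Only paths are returned, so the secret values themselves are never echoed.
def find_secrets(obj, path = [])
  case obj
  when Hash
    obj.flat_map do |key, value|
      here = path + [key]
      if value.is_a?(String) && key =~ SECRET_KEY && !PLACEHOLDERS.include?(value)
        [here.join('/')]
      else
        find_secrets(value, here)
      end
    end
  when Array
    obj.each_with_index.flat_map { |v, i| find_secrets(v, path + [i.to_s]) }
  else
    []
  end
end

# Scan the omnibus-gitlab subtree of each attribute level present in the node document.
def leaked_paths(node_json)
  node = JSON.parse(node_json)
  %w[default normal override automatic].flat_map do |level|
    subtree = node.dig(level, 'omnibus-gitlab')
    subtree ? find_secrets(subtree, [level, 'omnibus-gitlab']) : []
  end
end

# Constructed sample of `knife node show gitlab.example.com --format json` output.
SAMPLE_NODE = <<~JSON
  {
    "name": "gitlab.example.com",
    "normal": {
      "omnibus-gitlab": {
        "gitlab_rb": {
          "external_url": "http://gitlab.example.com",
          "gitlab-rails": { "secret_token": "12334qwerty", "smtp_password": "Read from Vault." }
        }
      }
    }
  }
JSON

puts leaked_paths(SAMPLE_NODE) if __FILE__ == $PROGRAM_NAME
```

Any path it reports is a candidate for removal with knife node edit and for rotation of the corresponding password or key.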
0.1.1
0.1.0
Initial release of cookbook-omnibus-gitlab
Foodcritic Metric
0.3.2 failed this metric
FC009: Resource attribute not recognised: /tmp/cook/36f3da0b6a893c9b2c394077/omnibus-gitlab/recipes/default.rb:40